From: Wilfried Goesgens
Date: Mon, 25 Feb 2013 19:48:08 +0000 (+0100)
Subject: File-Handling: sanitize filenames.
X-Git-Tag: v8.16~4
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=e8d10cbb47589a77628929c0a78f9154e5b44302

File-Handling: sanitize filenames.
---

diff --git a/citadel/file_ops.c b/citadel/file_ops.c
index a3e8d7498..fa65f3171 100644
--- a/citadel/file_ops.c
+++ b/citadel/file_ops.c
@@ -208,6 +208,12 @@ void cmd_open(char *cmdbuf)
  ERROR + FILE_NOT_FOUND);
  return;
  }
+ if (strstr(filename, "../") != NULL)
+ {
+ cprintf("%d syntax error.\n",
+ ERROR + ILLEGAL_VALUE);
+ return;
+ }
  if (CC->download_fp != NULL)
  {
  cprintf("%d You already have a download file open.\n",
@@ -289,6 +295,13 @@ void cmd_oimg(char *cmdbuf)
  filename[a] = '_';
  }
  }
+ if (strstr(filename, "../") != NULL)
+ {
+ cprintf("%d syntax error.\n",
+ ERROR + ILLEGAL_VALUE);
+ return;
+ }
+ snprintf(pathname, sizeof pathname, "%s/%s", ctdl_image_dir,
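Review bot: The new `strstr(filename, "../") != NULL` test in cmd_open rejects only a `..` component that is followed by a slash, so a name that is exactly `..` or ends in `/..` passes the check and, with the `"%s/%s"` join used for pathname in the cmd_oimg hunk, still resolves to the parent of the intended directory; the identical check is repeated in the cmd_oimg hunk. If clients are not meant to address subdirectories at all, `if (strchr(filename, '/') != NULL)` is the simpler and complete test; otherwise the condition should also reject `strcmp(filename, "..") == 0` and a name whose last three characters are `"/.."`. cmd_open's body starts and ends outside the hunk, and the place where cmd_open builds its own path is not visible here, so whether the escape is reachable in cmd_open is inferred from the cmd_oimg construction. Since the six-line block is byte-identical in both functions, moving it into one static helper such as `static int filename_is_unsafe(const char *name)` would keep the two checks from drifting apart.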